QUICK ANSWER BOX
- What it is: A federal class action alleging that MyChart-integrated hospital patient portals transmitted protected health information to Meta, Google, and other ad-tech companies through embedded tracking pixels, without patient consent and in violation of HIPAA and state privacy laws.
- Who qualifies: Adults who used a MyChart-powered patient portal at a participating hospital system between approximately 2016 and 2024 and whose protected health information was captured and transmitted through third-party tracking code embedded in those portals.
- What it's worth: Individual payouts in comparable health-data pixel cases have ranged from $50 to $7,500 depending on claim tier, harm demonstrated, and final court-approved allocation; no final settlement fund has been confirmed as of publication.
CASE SNAPSHOT
| Detail | Information |
|---|---|
| Primary Court | U.S. District Court, Northern District of California |
| Related MDL | MDL No. 3134, In re: Meta Pixel Healthcare Track Litigation |
| Presiding Judge | Judge William H. Orrick (N.D. Cal., related MDL) |
| First Major Filings | 2022 (pixel-tracking complaints); additional MyChart-specific filings 2023-2024 |
| 2026 Status | Active litigation; class certification proceedings ongoing; no global settlement confirmed |
| Estimated Class Size | Potentially tens of millions of MyChart portal users nationwide |
| Defendant Hospital Systems | Multiple, including Advocate Aurora Health, UCSF Medical Center, WakeMed, Northwestern Memorial, Dignity Health (named in related filings) |
| Primary Legal Theories | HIPAA, Electronic Communications Privacy Act, California CMIA, state wiretapping statutes |
| Settlement Fund | Not confirmed as of 2026 publication date |
Understanding the MyChart Lawsuit 2026

The MyChart lawsuit 2026 refers to a collection of overlapping federal class actions alleging that hospital systems violated patient privacy by embedding third-party advertising trackers inside their MyChart-powered patient portals.
These trackers, primarily Meta's advertising pixel and Google Analytics tags, captured sensitive health-related data. That data was transmitted to Meta and Google without patient authorization.
The legal exposure for hospitals is substantial. Plaintiffs allege violations of HIPAA, the federal Electronic Communications Privacy Act, and a range of state-specific privacy statutes. The cases are among the largest health data privacy actions in U.S. history.
What Is the MyChart Class Action Lawsuit 2026?
The MyChart class action lawsuit 2026 is a multi-front legal proceeding targeting hospital systems that deployed tracking pixels on patient portal pages. Those portals were built on Epic Systems' MyChart platform.
The core allegation is specific. When a patient logged into a hospital's MyChart portal to view lab results, schedule appointments, or message their physician, invisible tracking code embedded in the page transmitted data to Meta's servers. That data included URL strings encoding appointment types, medication names, and condition-specific identifiers.
The legal theory rests on two parallel tracks. First, hospitals are HIPAA-covered entities and cannot share protected health information with unauthorized third parties. Second, the interception of communications containing health data implicates federal and state wiretapping statutes, which carry their own damages frameworks independent of HIPAA.
| Legal Theory | Governing Statute | Potential Damages |
|---|---|---|
| HIPAA Violation | 45 CFR Part 164 | Regulatory fines (not private right of action); supports negligence claims |
| Federal Wiretapping | 18 U.S.C. § 2511 (ECPA) | $100/day or $10,000 per violation, whichever is greater |
| California CMIA | Cal. Health & Safety Code § 56 et seq. | $1,000 per violation (statutory); actual damages |
| State Consumer Protection | Varies by state | Actual damages, injunctive relief, attorneys' fees |
*Attorney Insight: Attorneys handling these claims emphasize that the ECPA wiretapping theory is significant because it creates a private right of action, unlike HIPAA itself, giving plaintiffs a direct path to individual statutory damages without proving out-of-pocket loss.*
MyChart Lawsuit Update: Where Things Stand in 2026
As of 2026, the MyChart litigation is marked by active consolidation and ongoing class certification battles. No single global settlement has been finalized as of this publication.
The most developed parallel proceeding is MDL No. 3134, In re: Meta Pixel Healthcare Track Litigation, in the Northern District of California before Judge William H. Orrick. That MDL consolidates dozens of pixel-tracking cases against hospital systems. MyChart-specific claims are embedded within that broader proceeding.
Separately, courts in Illinois, Pennsylvania, and the District of Maryland are handling cases against specific hospital systems with distinct state-law theories. The Illinois cases are particularly active given the state's strict Medical Patient Rights Act and general wiretapping statute.
Key 2026 Milestones:
- Class certification briefing is ongoing in the Northern District of California MDL
- Several defendant hospital systems have filed motions to dismiss on HIPAA preemption grounds
- At least two named hospital defendants have entered preliminary settlement discussions with plaintiffs' counsel, though no terms have been made public
- The Federal Trade Commission issued supplemental guidance in late 2024 on pixel tracking in healthcare settings, which plaintiffs are citing in current briefings
*Attorney Insight: Attorneys following the MDL note that HIPAA preemption arguments by defendant hospitals have largely failed at the motion-to-dismiss stage, which significantly strengthens the plaintiffs' position heading into class certification.*
MyChart Lawsuit Status 2026: Active Cases and Court Proceedings
The MyChart litigation remains active across multiple federal districts in 2026, with no single resolution date on the horizon. This is a sprawling litigation ecosystem, not a single case.
MDL No. 3134 in San Francisco is the gravity center for California-connected claims. Judge Orrick has allowed ECPA and state privacy claims to survive early dismissal motions, a significant indicator of case strength. Discovery is underway, with plaintiffs' counsel seeking internal communications from both hospital defendants and Meta regarding the pixel's configuration.
In the Northern District of Illinois, cases targeting Advocate Aurora Health and Northwestern Memorial Hospital have proceeded on parallel tracks. Illinois plaintiffs have the additional advantage of the state's Consumer Fraud and Deceptive Business Practices Act, which allows for punitive damages.
| Jurisdiction | Key Cases | Current Phase | Estimated Resolution |
|---|---|---|---|
| N.D. California (MDL 3134) | Multiple hospital defendants | Discovery / Class certification | 2026-2027 |
| N.D. Illinois | Advocate Aurora, Northwestern Memorial | Motion practice, early discovery | 2026-2027 |
| D. Maryland | University of Maryland Medical System (related filings) | Early stages | Unknown |
| E.D. Pennsylvania | Penn Medicine related actions | Motion to dismiss phase | Unknown |
*Attorney Insight: Attorneys in these cases report that discovery is producing significant internal documents showing that hospital IT and marketing departments were aware of the pixel's data-capture scope, which may prove critical to establishing willfulness.*
Litigation Watch: The MyChart litigation is not a single lawsuit with a single settlement date. It is a coordinated cluster of federal class actions at different procedural stages, with the Northern District of California MDL as the most developed proceeding.
Who Qualifies for the MyChart Lawsuit?
Who qualifies for the MyChart lawsuit depends on three primary factors: which hospital's portal you used, whether that hospital had tracking pixels installed during the relevant period, and whether the data transmitted included protected health information as defined under HIPAA.
Broad eligibility criteria, based on operative complaints filed through 2024, point toward the following profile:
Likely Qualifying Class Members:
- Used a MyChart patient portal at one of the named defendant hospital systems
- Accessed the portal between 2016 and 2024 (the period during which pixels were most widely deployed)
- Viewed health-specific pages such as test results, appointment scheduling, medication lists, or condition-related content
- Received a breach notification letter from a hospital referencing pixel tracking or third-party data sharing
Factors That May Affect Claim Strength:
- Whether you live in a state with a private right of action under a state health privacy statute (California, Illinois, Washington have stronger frameworks)
- Whether the transmitted data included identifiable health condition information vs. generic portal metadata
- Whether you consented to data sharing through portal terms of service (defendants argue consent; plaintiffs dispute this argument)
*Attorney Insight: Attorneys handling intake for these cases note that patients who received formal breach notification letters have stronger evidentiary standing because the hospital's own disclosure creates a baseline admission of data exposure.*
MyChart Lawsuit Eligibility: The Technical Legal Standard
MyChart lawsuit eligibility under the operative legal theories requires more than simply having a MyChart account. The specific data transmission must fall within the scope of protected health information under HIPAA.
The technical standard comes down to what data the pixel captured. A pixel that recorded only that a user visited a hospital's homepage may not satisfy HIPAA's PHI definition. A pixel that recorded a URL containing a patient's appointment type, a condition-specific search term, or a medication name almost certainly does.
Court records from the MDL reveal that Meta's Pixel was configured, in many cases, to capture URL strings in their entirety. Hospital patient portals routinely encode health information in those URL strings. The plaintiffs' experts argue this constitutes per se PHI disclosure.
Eligibility Threshold Comparison:
| Data Type Captured | HIPAA PHI Status | ECPA Coverage | Claim Strength |
|---|---|---|---|
| Generic homepage visit | Likely not PHI | Marginal | Weak |
| Appointment type in URL | PHI (condition-specific) | Yes | Strong |
| Lab result page access | PHI | Yes | Strong |
| Medication refill page | PHI | Yes | Strong |
| Condition-specific search | PHI | Yes | Very Strong |
*Attorney Insight: Attorneys reviewing these cases advise that the strongest individual claims involve patients whose portal activity encoded a specific diagnosis, medication, or procedure type in the URL structure, making the transmission's sensitivity difficult for defendants to dispute.*
Which Hospitals Are Named in the MyChart Lawsuit?
Which hospitals are named in the MyChart lawsuit is one of the most common questions in this litigation, and the answer is a growing list with significant variation by state.
Based on publicly filed complaints and MDL docket records through early 2026, the following hospital systems have been named as defendants in pixel-tracking lawsuits directly involving their MyChart patient portals:
- Advocate Aurora Health (Illinois/Wisconsin) – Named in N.D. Illinois filings
- UCSF Medical Center (California) – Named in N.D. California MDL-related actions
- WakeMed Health & Hospitals (North Carolina) – Named in related pixel complaints
- Northwestern Memorial Hospital (Illinois) – Named in N.D. Illinois proceedings
- Dignity Health (California and multi-state) – Named in California-venue complaints
- Novant Health (North Carolina/South Carolina) – Named in related filings
- University of Chicago Medical Center – Named in Illinois-based actions
This list is not exhaustive. Multiple additional health systems have appeared in pixel-tracking complaints that intersect with MyChart portal infrastructure. Plaintiffs' counsel have indicated publicly that additional defendant health systems may be added as discovery proceeds.
*Attorney Insight: Attorneys emphasize that the absence of your specific hospital from published lists does not mean it was not using tracking pixels. Many health systems have not yet been the subject of a named complaint but may still be operating under settlement pressure or regulatory scrutiny.*
MyChart Data Breach Lawsuit 2026: What Data Was Actually Exposed
The "MyChart data breach lawsuit" framing requires a technical clarification. This is not a traditional data breach in the sense of an external hacker accessing a database. The data exposure was built into the portal's own code.
Hospital marketing and IT teams installed third-party JavaScript code, primarily Meta's Pixel and Google's analytics tags, directly into the patient portal interface. Each time a patient loaded a portal page, that code executed in the patient's browser, captured behavioral and session data, and transmitted it to Meta's and Google's servers.
The transmitted data, in many documented cases, included URL parameters encoding protected health information. Experts retained by plaintiffs analyzed pixel behavior and found that health condition identifiers, appointment categories, and medication references were routinely included in the data stream.
What Was Captured and Transmitted:
- URL strings containing appointment type keywords (e.g., "oncology," "cardiology," "psychiatry")
- Page titles indicating the health content being accessed
- Referral URLs showing which health condition pages preceded portal login
- IP addresses (which, combined with health data, constitute PHI under HIPAA)
- Browser and device identifiers linkable to individual patients
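The channels in the list above (page URL, page title, referrer) can be checked for directly in a portal's own outbound traffic. The following is an added example, not code from any party to the litigation: a Node.js audit over captured requests, such as entries from a browser HAR export, that flags third-party destinations receiving health terms. All hostnames, paths and parameter names are constructed, and the term list extends the article's three keywords with two assumed ones.

```javascript
// Added example: flag third-party requests that carry health terms from a portal page.
// Hosts, paths and parameter names are constructed; they are not taken from any real portal.

// First three terms come from the article; the last two are assumed for illustration.
const SENSITIVE_TERMS = ["oncology", "cardiology", "psychiatry", "refill", "lab-result"];

// Trackers often carry the page URL percent-encoded inside their own parameters,
// sometimes more than once, so decode until the value stops changing.
function deepDecode(value, maxRounds = 3) {
  let current = String(value);
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch {
      break; // malformed escape sequence: scan what we have
    }
    if (next === current) break;
    current = next;
  }
  return current.toLowerCase();
}

function isThirdParty(host, firstPartyHost) {
  return host !== firstPartyHost && !host.endsWith("." + firstPartyHost);
}

function matchTerms(text, terms) {
  const decoded = deepDecode(text);
  return terms.filter((term) => decoded.includes(term));
}

// requests: [{ url, headers?: { referer }, body?: string }]
function auditRequests(firstPartyHost, requests, terms = SENSITIVE_TERMS) {
  const findings = [];
  const record = (destination, channel, text) => {
    for (const term of matchTerms(text, terms)) {
      findings.push({ destination, channel, term });
    }
  };
  for (const req of requests) {
    let url;
    try {
      url = new URL(req.url);
    } catch {
      continue; // not an absolute URL, nothing to attribute
    }
    if (!isThirdParty(url.hostname, firstPartyHost)) continue;
    // Channel 1: tracker query parameters (page URL, page title, event data).
    for (const [name, value] of url.searchParams) {
      record(url.hostname, "query:" + name, value);
    }
    // Channel 2: the Referer header the browser attaches on its own.
    const headers = req.headers || {};
    record(url.hostname, "header:referer", headers.referer || headers.Referer || "");
    // Channel 3: beacon or POST bodies.
    if (req.body) record(url.hostname, "body", req.body);
  }
  return findings;
}

function destinationsReceivingTerms(findings) {
  return [...new Set(findings.map((f) => f.destination))].sort();
}

// Constructed capture from a test-account session on a hypothetical portal.
const PORTAL = "portal.hospital.example";
const PAGE = "https://portal.hospital.example/appointments/oncology?visit=new";
const SAMPLE_REQUESTS = [
  // First-party navigation: sensitive, but it never leaves the hospital's origin.
  { url: PAGE, headers: {} },
  // Third-party tag receiving the full page URL, the page title and a full Referer.
  {
    url: "https://tracker.example/collect?ev=PageView&page=" + encodeURIComponent(PAGE) +
      "&title=" + encodeURIComponent("Schedule Oncology Visit"),
    headers: { referer: PAGE },
  },
  // Third-party font fetch with the Referer trimmed to the origin: clean.
  { url: "https://cdn.example/fonts/a.woff2", headers: { referer: "https://portal.hospital.example/" } },
  // Page URL encoded twice inside a tracker parameter.
  {
    url: "https://ads.example/px?u=" + encodeURIComponent(encodeURIComponent(
      "https://portal.hospital.example/medications/refill?drug=placeholder")),
    headers: {},
  },
  // Beacon-style POST whose body carries the page path.
  { url: "https://metrics.example/b", headers: {}, body: "event=view&path=%2Fresults%2Flab-result%2F123" },
];

const SAMPLE_FINDINGS = auditRequests(PORTAL, SAMPLE_REQUESTS);
console.log(SAMPLE_FINDINGS);
console.log(destinationsReceivingTerms(SAMPLE_FINDINGS));
```

On an authenticated portal, any finding means page context is leaving the first-party origin; the clean `cdn.example` entry shows the effect of trimming the Referer to the origin.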
*Attorney Insight: Attorneys in these cases note that the hospital defendants' argument, that they configured the pixel to exclude PHI, has been undercut in discovery by technical logs showing that the pixel in fact captured health-specific URL strings in real time.*
Litigation Watch: The data exposure in these MyChart cases was not the result of an external intrusion. It was a structural feature of how hospitals deployed ad-tech tools inside federally regulated healthcare environments, a distinction that affects both liability and damages calculations significantly.
MyChart Pixel Tracking Lawsuit: How the Technology Created Legal Liability
The MyChart pixel tracking lawsuit rests on understanding how advertising pixels function in a healthcare context and why their use inside patient portals is legally distinct from their use on a retail website.
A tracking pixel is a small piece of JavaScript code, typically one line, that loads invisibly when a page renders. On a commercial e-commerce site, this code captures browsing behavior to serve targeted ads. On a hospital patient portal, the same code captures interactions with health records.
The legal distinction is absolute. HIPAA's privacy rule prohibits covered entities, including hospitals, from disclosing protected health information to business associates without a compliant Business Associate Agreement. Meta and Google do not function as HIPAA-compliant business associates for this purpose. Their advertising data systems are categorically excluded from that framework.
How the Pixel Creates a Legal Claim:
- Hospital installs Meta Pixel on MyChart portal pages
- Patient logs in and accesses health-specific content
- Pixel captures URL data including health identifiers
- Pixel transmits that data to Meta's servers in real time
- Meta uses data for ad targeting; patient has no knowledge
- Transmission constitutes unauthorized disclosure of PHI under HIPAA
- Simultaneous interception constitutes wiretapping under ECPA
*Attorney Insight: Attorneys familiar with these technical liability frameworks point out that the pixel's real-time transmission is legally treated as a contemporaneous interception, which is exactly what triggers the wiretapping statute rather than a pure data breach theory.*
MyChart HIPAA Violation Lawsuit: The Regulatory and Civil Overlap
The "MyChart HIPAA violation lawsuit" framing requires understanding that HIPAA itself does not give patients a private right of action. Patients cannot sue directly under HIPAA. The law is enforced by the U.S. Department of Health and Human Services' Office for Civil Rights.
However, HIPAA violations serve a critical evidentiary and framing function in private litigation. When plaintiffs allege negligence per se, they use the HIPAA violation as the standard of care benchmark. A hospital that violated HIPAA is, by that logic, operating below the legally required standard of care for patient data protection.
The Office for Civil Rights has issued civil monetary penalties against several hospital systems in connection with pixel tracking. WakeMed Health and Hospitals paid $240,000 in OCR penalties related to pixel tracking on its patient portal. Advocate Aurora Health reported approximately 3 million patients affected by pixel-related data exposure in its 2022 OCR breach notification filing.
HIPAA Enforcement vs. Civil Litigation:
| Mechanism | Who Brings It | Damages |
|---|---|---|
| OCR Civil Penalty | Federal government | Fines up to $1.9M per violation category per year |
| Private Negligence (HIPAA as standard) | Individual plaintiff class | Actual damages, potentially punitive |
| ECPA Private Action | Individual plaintiff class | Statutory damages ($10,000 minimum per violation) |
| State Privacy Statute | Individual plaintiff class | Statutory + actual damages |
*Attorney Insight: Attorneys litigating these claims use the OCR penalty history against specific hospital defendants as significant leverage, because a hospital that already paid federal fines for pixel tracking cannot credibly argue in civil court that its conduct was reasonable.*
Epic Systems MyChart Lawsuit: Is Epic a Defendant?
The Epic Systems MyChart lawsuit question is one that plaintiffs' attorneys have addressed carefully. Epic Systems Corporation, the developer of the MyChart software platform, is generally not named as a primary defendant in most pixel-tracking complaints.
The legal reasoning is straightforward. Hospital systems, as HIPAA-covered entities, made the decision to install tracking pixels on their patient portal deployments. Epic provided the portal software. The hospitals customized and deployed it. The pixel code was added by hospital marketing and IT departments, not by Epic at the software development level.
Epic has publicly distanced itself from the pixel-tracking practice, issuing guidance to its hospital clients that tracking pixels should not be used on MyChart pages without compliant safeguards. That guidance, issued beginning in 2022 after the scale of the problem became public, is itself relevant to the litigation timeline.
Epic's Legal Posture:
- Not a named defendant in most operative complaints through early 2026
- Has cooperated with some discovery requests regarding software architecture
- Issued client advisory guidance recommending removal of third-party pixels from patient portal pages
- May face future exposure if discovery reveals Epic-level knowledge of pixel integration practices
*Attorney Insight: Attorneys note that Epic's posture may evolve. If discovery produces evidence that Epic was aware of common pixel-tracking practices among its hospital clients and failed to warn or restrict them, its legal exposure could increase in later-filed complaints.*
Litigation Watch: Epic Systems is not the primary legal target in the MyChart pixel-tracking cases. The defendant hospitals, as HIPAA-covered entities that independently deployed tracking code, bear the direct legal exposure under both federal and state law.
MyChart Settlement 2026: What Has Been Resolved So Far
The MyChart settlement picture in 2026 is incomplete but developing. No single global resolution covering all MyChart-portal pixel-tracking claims has been announced as of this publication.
Several individual settlements in closely related pixel-tracking cases provide a relevant benchmark. Dignity Health reached a preliminary class settlement in a California Superior Court action involving pixel tracking on its patient portal; terms of that settlement are under court review. WakeMed's OCR penalty provides a floor-level data point on institutional liability.
The broader Meta Pixel Healthcare MDL (MDL No. 3134) has seen preliminary settlement discussions with individual hospital defendants. None of those discussions had produced a court-approved settlement fund as of early 2026.
Settlement Benchmark Cases:
| Case / Defendant | Settlement Amount | Per-Claimant Range | Status |
|---|---|---|---|
| Dignity Health (California) | Confidential preliminary terms | Under review | Pending court approval |
| WakeMed OCR Resolution | $240,000 (federal penalty) | N/A | Resolved (regulatory only) |
| Northwestern Memorial (Illinois) | Not yet disclosed | N/A | Ongoing negotiations |
| Meta Pixel MDL 3134 (overall) | No global settlement | N/A | Active litigation |
*Attorney Insight: Attorneys working the MDL note that individual hospital defendants are likely to settle separately rather than wait for a global MDL resolution, which means some class members may receive offers while others remain in active litigation for additional years.*
MyChart Settlement Amount: Realistic Payout Expectations
The MyChart settlement amount is the question most readers want answered directly. The honest answer, based on comparable health data privacy settlements, is that payouts will vary significantly by claim tier and state.
Health data pixel-tracking settlements in resolved comparable cases have structured payouts in tiers based on the type and sensitivity of data exposed and whether the claimant can document specific harm. The ECPA statutory damages floor of $10,000 per violation is the theoretical maximum per claim in a full-trial scenario. Class action settlements routinely distribute far less per individual.
Realistic Payout Ranges Based on Comparable Cases:
| Claim Tier | Basis | Estimated Per-Claimant Range |
|---|---|---|
| Tier 1: General class member | Portal use during exposure period, no documented additional harm | $50 to $250 |
| Tier 2: Enhanced exposure | Condition-specific URL data confirmed captured | $250 to $1,500 |
| Tier 3: Named plaintiff / documented harm | Identity theft, discrimination, or documented injury linked to exposure | $1,500 to $7,500+ |
| State statutory enhancement | California CMIA or Illinois-law claimants | Additional $500 to $2,500 potential |
*Attorney Insight: Attorneys caution that these ranges are projections based on comparable settlements, not guaranteed outcomes. The actual fund allocation will depend on total class size, attorneys' fees, administrative costs, and the specific settlement terms approved by the court.*
MyChart Class Action Settlement Payout: How Funds Are Distributed
The MyChart class action settlement payout process follows a standard federal class action distribution protocol, but patients should understand the timeline and process before deciding whether to file.
Once a settlement is approved by the court, a claims administrator is appointed. Class members receive notice, typically by mail or email, and must submit a claim form within a specified deadline. Late claims are generally barred.
The settlement fund is then distributed on a pro-rata basis among approved claimants, after deducting attorneys' fees (typically 25% to 33% of the total fund) and administrative costs. If the class is large and the fund is limited, individual payouts decrease proportionally.
Standard Distribution Timeline:
- Court approves settlement (preliminary approval)
- Class notice issued by administrator (typically 45-90 days after preliminary approval)
- Claims filing window opens (typically 90 to 180 days)
- Objection period closes
- Final approval hearing
- Distribution to approved claimants (typically 60 to 120 days after final approval)
- Total elapsed time from preliminary approval to checks: 12 to 24 months typically
*Attorney Insight: Attorneys advise claimants not to evaluate a settlement solely on the per-claimant estimate circulated before the filing window closes. Total class participation significantly affects individual payouts, and early estimates frequently prove optimistic.*
Litigation Watch: MyChart class action settlement payouts will not arrive quickly. The litigation is at the class certification and discovery phase in most active courts. Claimants should expect a multi-year timeline before any distribution reaches individual accounts.
MyChart Lawsuit Compensation: What Plaintiffs Are Actually Seeking
MyChart lawsuit compensation demands in the operative complaints go beyond direct statutory damages. Plaintiffs are seeking a full damages package that reflects both the economic and non-economic dimensions of the privacy violation.
The complaints in MDL 3134 and related filings demand:
Categories of Compensation Sought:
- Statutory damages under ECPA: $10,000 per violation or $100 per day, whichever is greater
- Actual damages for any documented economic harm linked to the data exposure
- Disgorgement of profits hospitals derived from advertising performance benefits generated by the pixel data
- Injunctive relief requiring hospital systems to remove all non-compliant tracking code from patient portals
- Attorneys' fees and costs under applicable fee-shifting statutes
- Punitive damages in states where statutory frameworks permit them (California, Illinois)
The disgorgement theory is notable. Plaintiffs argue that hospitals derived measurable economic benefit from using pixel data to optimize their advertising, meaning the data had commercial value that the hospital captured at the patient's expense.
*Attorney Insight: Attorneys emphasize that the disgorgement theory, if it survives summary judgment, could substantially increase the settlement pressure on hospital defendants because it requires disclosing the financial value derived from the pixel data, information hospitals have resisted producing in discovery.*
MyChart Lawsuit Filing Deadline 2026: What You Need to Know About Statutes of Limitations
The MyChart lawsuit filing deadline in 2026 is not a single universal date. Statutes of limitations for these claims vary by legal theory and state, and missing the applicable deadline bars recovery entirely.
This is one of the most consequential and underreported aspects of the litigation. The relevant limitation periods depend on which legal theory applies in your state and when you knew or should have known about the data exposure.
Key Limitation Periods:
| Legal Theory / State | Statute of Limitations | Discovery Rule |
|---|---|---|
| Federal ECPA Wiretapping | 2 years from discovery | Discovery rule applies |
| California CMIA | 3 years | Accrues at discovery |
| Illinois Consumer Fraud Act | 3 years | Accrues at discovery |
| Pennsylvania Wiretapping | 2 years | Accrues at interception |
| General negligence (most states) | 2 to 3 years | Varies by state |
| North Carolina Privacy (WakeMed) | 3 years | Accrues at discovery |
The discovery rule is critical. For many patients, the clock did not start running when the pixel transmitted their data. It started running when they received a breach notification letter or saw a news report about the hospital's pixel use. Many breach notifications were sent in 2022 and 2023, meaning deadlines under 2-year statutes may fall in 2024 or 2025 for some claimants.
For patients in states with 3-year limitations periods who received notice in 2023, the window may extend into 2026, making 2026 a genuinely critical year for claim preservation.
*Attorney Insight: Attorneys consistently flag that the most common reason potentially valid plaintiffs lose their claims is waiting too long after receiving a breach notification. Consulting a privacy or class action attorney immediately upon receiving any hospital data notice is the most protective action a patient can take.*
How to File a MyChart Class Action Claim
How to file a MyChart class action claim depends on whether a settlement has been announced in your specific case or whether the case is still in active litigation.
If No Settlement Has Been Announced (Current Status for Most Cases):
You do not file a claim form. There is no claims portal active for most MyChart pixel-tracking cases in early 2026. Instead, the appropriate action is to contact a plaintiff's-side class action or privacy attorney to discuss whether your situation is covered under an existing complaint.
If a Settlement Is Announced:
The court-approved settlement administrator will issue notice through mail, email, and sometimes media publication. That notice will include a unique claim ID and instructions for submitting a claim form online or by mail. You do not need an attorney to submit a standard claim form in a class action.
What to Gather Now:
- Any breach notification letter received from a hospital regarding pixel tracking or data sharing
- Records showing your use of a MyChart patient portal (account creation emails, appointment confirmations)
- Documentation of the hospital system and approximate dates of portal use
- Any documentation of harm linked to the exposure (unusual ad targeting, identity theft, etc.)
*Attorney Insight: Attorneys recommend retaining any breach notification letters without delay, because those documents establish both notice (for statute of limitations purposes) and a factual record of the hospital's own acknowledgment of the data exposure.*
MyChart Privacy Lawsuit: State Law Variations That Affect Your Claim
The MyChart privacy lawsuit landscape is not uniform across the United States. The strength of an individual claim depends significantly on which state the claimant is in and which state laws apply to the specific hospital system involved.
California plaintiffs have access to the Confidentiality of Medical Information Act, which provides $1,000 in statutory damages per violation without requiring proof of actual harm. This is a powerful claim vehicle. The CCPA also provides supplemental remedies for California residents.
Illinois plaintiffs benefit from the Illinois Consumer Fraud and Deceptive Business Practices Act, which allows for punitive damages and attorneys' fees. Illinois also has a strong wiretapping statute that has survived multiple constitutional challenges.
State Law Advantage Matrix:
| State | Key Statute | Statutory Damages | Punitive Damages | Attorney Fee Shifting |
|---|---|---|---|---|
| California | CMIA + CCPA | $1,000/violation | No (CMIA); possible under CCPA | Yes |
| Illinois | Consumer Fraud Act | Actual + punitive | Yes | Yes |
| Washington | My Health My Data Act | $25,000/violation (extreme) | Possible | Yes |
| Pennsylvania | Wiretap Act | $100/day or $1,000 | Possible | Yes |
| North Carolina | NCIDPA | Actual damages | No private punitive | Limited |
*Attorney Insight: Attorneys in California and Illinois consistently report the strongest intake cases because both states provide statutory damages floors that survive even when a plaintiff cannot document a specific out-of-pocket loss from the data exposure.*
What Type of Attorney Handles the MyChart Lawsuit?
The type of attorney who handles the MyChart lawsuit is a specific subspecialty. Not every plaintiff's attorney handles health data privacy class actions, and the distinction matters for potential claimants.
These cases sit at the intersection of three legal disciplines: class action litigation, health law and HIPAA compliance, and digital privacy and wiretapping law. The attorneys and firms that have taken the lead in the MyChart pixel-tracking space have backgrounds in all three.
Firms publicly associated with pixel-tracking healthcare litigation include DiCello Levitt LLP, Lieff Cabraser Heimann & Bernstein LLP, Gibbs Law Group, and Morgan & Morgan P.A. These firms appear as plaintiffs' counsel in MDL 3134 and related state-court filings based on public docket records.
What to Look for in an Attorney:
- Demonstrated class action litigation experience, specifically in data privacy or healthcare contexts
- Familiarity with HIPAA, ECPA, and applicable state health privacy statutes
- Active involvement in existing pixel-tracking healthcare litigation (check MDL 3134 docket for counsel names)
- Contingency fee representation (standard for class action work; you pay nothing unless the case resolves in your favor)
*Attorney Insight: Attorneys handling these cases typically do not charge upfront fees. Fees are paid from any settlement or judgment. A patient with a potential claim should not let cost concerns prevent them from seeking an initial consultation.*
Litigation Watch: The field of attorneys handling the MyChart lawsuit is dominated by a small group of nationally prominent class action and privacy law firms. If you are exploring whether to participate in this litigation, the most efficient first step is identifying whether your hospital is a named defendant in an existing MDL complaint and which firm is lead counsel.
Frequently Asked Questions
What is the MyChart class action lawsuit about in 2026?
The MyChart class action lawsuit in 2026 targets hospital systems that embedded advertising tracking pixels inside their patient portals, causing protected health information to be transmitted to Meta and Google without patient consent.
The legal claims include violations of the federal Electronic Communications Privacy Act, HIPAA-based negligence, and state health privacy statutes in California, Illinois, Washington, and other states.
The cases are consolidated in part under MDL No. 3134 in the Northern District of California.
Who qualifies to join the MyChart lawsuit in 2026?
Patients who used a MyChart-powered hospital patient portal between approximately 2016 and 2024 at a named defendant hospital system are the primary class members.
Stronger claims belong to patients who accessed condition-specific content such as lab results, medication lists, or appointment scheduling, where the pixel captured health-identifying URL data.
Patients who received a hospital breach notification letter regarding pixel tracking or third-party data sharing have the clearest evidentiary standing.
Which hospitals are named in the MyChart class action?
Named defendants in publicly filed complaints through early 2026 include Advocate Aurora Health, UCSF Medical Center, WakeMed Health and Hospitals, Northwestern Memorial Hospital, Dignity Health, and Novant Health, among others.
Additional health systems are expected to be added as discovery in MDL No. 3134 reveals the scope of pixel deployment across the Epic MyChart client base.
Patients whose specific hospital is not yet named should still consult an attorney, because the litigation scope continues to expand.
How much money could I receive from a MyChart settlement?
Based on comparable health data pixel-tracking class action settlements, general class members can expect payouts in the range of $50 to $250, with enhanced tiers for claimants with documented condition-specific data exposure reaching $250 to $1,500 or more.
Named plaintiffs and those who can document specific harm linked to the exposure may receive substantially higher awards.
No final settlement fund has been confirmed as of 2026 publication, and actual per-claimant amounts will depend on total class participation and court-approved allocation.
What is the filing deadline for the MyChart lawsuit in 2026?
There is no single universal deadline. Statutes of limitations vary by state and legal theory, ranging from two years under federal ECPA to three years under California's CMIA and Illinois' Consumer Fraud Act.
The clock typically starts running when a patient received a breach notification letter, meaning patients who received hospital pixel-tracking notices in 2023 may face 2025 or 2026 deadlines under two-year limitation statutes.
Consulting a privacy or class action attorney as soon as possible is the most reliable way to determine whether your specific deadline has passed.
What type of attorney handles the MyChart class action lawsuit?
These cases require attorneys with experience at the intersection of class action litigation, HIPAA and health law, and digital privacy or wiretapping law.
Firms appearing as lead plaintiffs' counsel in MDL No. 3134 and related state filings include DiCello Levitt LLP, Lieff Cabraser Heimann & Bernstein LLP, Gibbs Law Group, and Morgan & Morgan P.A., based on public court records.
All representation in class action cases of this type is on a contingency basis, meaning no upfront cost to the individual claimant.
Closing
The MyChart pixel-tracking litigation is one of the most significant healthcare privacy enforcement actions working through the federal court system in 2026. The core legal question, whether hospitals can share patient health data through ad-tech infrastructure without consent, has survived early dismissal challenges and is heading toward class certification determinations that will shape the outcome for tens of millions of patients.
For anyone who used a hospital's MyChart portal and received a data breach or privacy notification from their healthcare provider, the time to understand their position is now. Applicable deadlines are real and are already passing for some claimants.
The most productive next step is a consultation with an attorney who handles federal class action or health data privacy litigation. That conversation costs nothing in these cases and carries no obligation. The legal picture here is specific enough that it requires specific legal guidance.
